using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
//加密的名称空间引入
using System.Security.Cryptography;
//
using System.Data.SqlClient;
namespace ch02
{
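public partial class Form1 : Form
{
    // INSERT statement shared by the parameterised registration variants. The
    // field values are always bound through SqlParameters and never spliced
    // into this text, which is what keeps the statement shape fixed.
    private const string InsertUserSql =
        "insert into [User]([Name],UserName,Password,TypeID,[Desc]) " +
        " values(@Name,@UserName,@Password,1,@Desc)";

    /// <summary>
    /// Registration form: validates the input fields, hashes the password and
    /// inserts a new row into the [User] table.
    /// </summary>
    public Form1()
    {
        InitializeComponent();
    }

    /// <summary>
    /// Click handler for the register button. Validates the fields, hashes the
    /// password and inserts the user with the parameterised (array) variant.
    /// </summary>
    private void btnRegist_Click(object sender, EventArgs e)
    {
        if (!Check())
        {
            return;
        }
        string strName = txtName.Text.Trim();
        string strUserName = txtUserName.Text.Trim();
        string strPwd = PwdForMD5(txtPwd.Text); // only the hash is ever stored
        string strDesc = txtDesc.Text;
        // Register. The string-concatenation variant is kept only as a negative example:
        //InsertData(strName, strUserName, strPwd, strDesc);
        InsertDataForParameterRange(strName, strUserName, strPwd, strDesc);
    }

    /// <summary>
    /// Builds the four typed parameters for <see cref="InsertUserSql"/>.
    /// </summary>
    /// <remarks>
    /// The declared sizes (16/16/64/256) mirror the [User] columns. Note that
    /// SqlClient does not reject an input value longer than Size (it appears to
    /// be truncated rather than rejected), so length should be validated before
    /// reaching this point; see <see cref="Check"/>.
    /// </remarks>
    private static SqlParameter[] BuildInsertParameters(string strName, string strUserName, string strPwd, string strDesc)
    {
        SqlParameter[] param = {
            new SqlParameter("@Name", SqlDbType.VarChar, 16),
            new SqlParameter("@UserName", SqlDbType.VarChar, 16),
            new SqlParameter("@Password", SqlDbType.VarChar, 64),
            new SqlParameter("@Desc", SqlDbType.VarChar, 256)
        };
        param[0].Value = strName;
        param[1].Value = strUserName;
        param[2].Value = strPwd;
        param[3].Value = strDesc;
        return param;
    }

    /// <summary>
    /// Shows the registration outcome to the user.
    /// </summary>
    /// <param name="rowsAffected">Row count returned by ExecuteNonQuery.</param>
    private static void ShowInsertResult(int rowsAffected)
    {
        if (rowsAffected > 0)
        {
            MessageBox.Show("注册成功!", "系统提示");
        }
        else
        {
            MessageBox.Show("注册失败!", "系统提示");
        }
    }

    #region Variant 1: SQL built by string concatenation -- open to SQL injection, do not use
    /// <summary>
    /// Registration variant 1 (negative example). The field values are
    /// concatenated straight into the SQL text, so a quote character in any
    /// field changes the statement that is executed. Kept only to contrast with
    /// the parameterised variants below; it is not called from the form.
    /// </summary>
    /// <param name="strName">Display name as typed by the user.</param>
    /// <param name="strUserName">Login name as typed by the user.</param>
    /// <param name="strPwd">Password hash (see <see cref="PwdForMD5"/>).</param>
    /// <param name="strDesc">Free-text description as typed by the user.</param>
    [Obsolete("String-built SQL is open to injection; use InsertDataForParameterRange instead.")]
    private void InsertData(string strName, string strUserName, string strPwd, string strDesc)
    {
        string strSql = "insert into [User]([Name],UserName,Password,TypeID,[Desc]) ";
        strSql += " values('" + strName + "','" + strUserName + "','" + strPwd + "',1,'" + strDesc + "')";
        ShowInsertResult(DBHelper.ExecuteNonQuery(strSql));
    }
    #endregion

    #region Variant 2: parameterised command, parameters added one at a time
    /// <summary>
    /// Registration variant 2. Executes <see cref="InsertUserSql"/> with each
    /// parameter added individually; shows both SqlParameter construction styles.
    /// </summary>
    /// <param name="strName">Display name as typed by the user.</param>
    /// <param name="strUserName">Login name as typed by the user.</param>
    /// <param name="strPwd">Password hash (see <see cref="PwdForMD5"/>).</param>
    /// <param name="strDesc">Free-text description as typed by the user.</param>
    private void InsertDataForParameter(string strName, string strUserName, string strPwd, string strDesc)
    {
        // Property-by-property construction ...
        SqlParameter param1 = new SqlParameter();
        param1.ParameterName = "@Name";
        param1.SqlDbType = SqlDbType.VarChar;
        param1.Size = 16;
        param1.Value = strName;
        // ... versus the (name, type, size) constructor.
        SqlParameter param2 = new SqlParameter("@UserName", SqlDbType.VarChar, 16);
        param2.Value = strUserName;
        SqlParameter param3 = new SqlParameter("@Password", SqlDbType.VarChar, 64);
        param3.Value = strPwd;
        SqlParameter param4 = new SqlParameter("@Desc", SqlDbType.VarChar, 256);
        param4.Value = strDesc;

        int rowsAffected;
        using (SqlCommand comm = new SqlCommand(InsertUserSql, DBHelper.Conn))
        {
            comm.Parameters.Add(param1);
            comm.Parameters.Add(param2);
            comm.Parameters.Add(param3);
            comm.Parameters.Add(param4);
            DBHelper.ConnOpen();
            try
            {
                rowsAffected = comm.ExecuteNonQuery();
            }
            finally
            {
                // Close even when ExecuteNonQuery throws; otherwise the shared
                // DBHelper connection is left open for the life of the form.
                DBHelper.ConnClose();
            }
        }
        // The message box is modal, so it is shown only after the connection is released.
        ShowInsertResult(rowsAffected);
    }
    #endregion

    #region Variant 3: parameterised command, parameters added as one array
    /// <summary>
    /// Registration variant 3 (the one the form uses). Same statement as
    /// variant 2, but the parameters are built as an array and appended with
    /// AddRange in a single call.
    /// </summary>
    /// <param name="strName">Display name as typed by the user.</param>
    /// <param name="strUserName">Login name as typed by the user.</param>
    /// <param name="strPwd">Password hash (see <see cref="PwdForMD5"/>).</param>
    /// <param name="strDesc">Free-text description as typed by the user.</param>
    private void InsertDataForParameterRange(string strName, string strUserName, string strPwd, string strDesc)
    {
        SqlParameter[] param = BuildInsertParameters(strName, strUserName, strPwd, strDesc);

        int rowsAffected;
        using (SqlCommand comm = new SqlCommand(InsertUserSql, DBHelper.Conn))
        {
            // Append the whole parameter array at once.
            comm.Parameters.AddRange(param);
            DBHelper.ConnOpen();
            try
            {
                rowsAffected = comm.ExecuteNonQuery();
            }
            finally
            {
                // Release the shared connection on every path, including exceptions.
                DBHelper.ConnClose();
            }
        }
        ShowInsertResult(rowsAffected);
    }
    #endregion

    #region Variant 4: parameterised command executed through DBHelper
    /// <summary>
    /// Registration variant 4. Hands the statement and parameter array to
    /// DBHelper, which owns the command and connection lifetime.
    /// </summary>
    /// <param name="strName">Display name as typed by the user.</param>
    /// <param name="strUserName">Login name as typed by the user.</param>
    /// <param name="strPwd">Password hash (see <see cref="PwdForMD5"/>).</param>
    /// <param name="strDesc">Free-text description as typed by the user.</param>
    private void IsertDataForDbHelper(string strName, string strUserName, string strPwd, string strDesc)
    {
        SqlParameter[] param = BuildInsertParameters(strName, strUserName, strPwd, strDesc);
        // DBHelper executes the parameterised statement and reports the row count.
        ShowInsertResult(DBHelper.ExecuteNonQuery(InsertUserSql, param));
    }
    #endregion

    #region Input validation
    /// <summary>
    /// Validates the form fields before registration: name, user name and
    /// password must be non-empty and the two password boxes must match.
    /// Each failure is reported with a message box.
    /// </summary>
    /// <returns>true when every check passes; otherwise false.</returns>
    /// <remarks>
    /// Field lengths are not checked here, although the [User] columns are
    /// limited to 16/16/64/256 (see <see cref="BuildInsertParameters"/>); an
    /// over-long name or user name is not rejected by the insert. The password
    /// is deliberately not trimmed so that it matches what the user typed.
    /// </remarks>
    private bool Check()
    {
        string strName = txtName.Text.Trim();
        if (string.IsNullOrEmpty(strName))
        {
            MessageBox.Show("用户姓名不能为空!", "系统提示");
            return false;
        }
        string strUserName = txtUserName.Text.Trim();
        if (string.IsNullOrEmpty(strUserName))
        {
            MessageBox.Show("用户名不能为空!", "系统提示");
            return false;
        }
        string strPwd = txtPwd.Text;
        if (string.IsNullOrEmpty(strPwd))
        {
            MessageBox.Show("用户密码不能为空!", "系统提示");
            return false;
        }
        string strRePwd = txtRePwd.Text;
        if (strRePwd != strPwd)
        {
            MessageBox.Show("密码不一致!", "系统提示");
            return false;
        }
        return true;
    }
    #endregion

    #region Password hashing
    /// <summary>
    /// Hashes the password with unsalted MD5 and returns the digest as
    /// BitConverter hex (upper-case, dash-separated, 47 characters).
    /// </summary>
    /// <param name="strPwd">Plain-text password.</param>
    /// <returns>Hex digest string, e.g. "D4-1D-8C-..." (constructed example).</returns>
    /// <exception cref="ArgumentNullException"><paramref name="strPwd"/> is null.</exception>
    /// <remarks>
    /// Unsalted MD5 is not a suitable password hash: it is fast and identical
    /// passwords produce identical digests. The output format is kept here so
    /// that existing [User].Password rows and the 64-byte column still match;
    /// a salted, slow KDF (PBKDF2 via Rfc2898DeriveBytes) should replace it
    /// together with a column migration.
    /// </remarks>
    private string PwdForMD5(string strPwd)
    {
        if (strPwd == null)
        {
            throw new ArgumentNullException("strPwd");
        }
        // MD5.Create() rather than MD5CryptoServiceProvider: same algorithm,
        // and the using block disposes the hash object.
        using (MD5 md5 = MD5.Create())
        {
            byte[] bytes = Encoding.UTF8.GetBytes(strPwd);
            bytes = md5.ComputeHash(bytes);
            return BitConverter.ToString(bytes);
        }
    }
    #endregion
}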
}